mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-06 11:23:48 -05:00
d14f33ea70
view args are parameters within the route. for example, `/organisation/<org_id>/users`. If there is an org_id, then check that the user is part of that organisation (users.organisations is a list of all orgs that user is a member of). * platform admins ignore this check if restrict_admin_usage=False * if an endpoint has both org_id and service_id, org_id takes precedence, but we should probably revisit this if we ever need to create such an endpoint. * you now call `@user_has_permissions()` with no arguments for organisation endpoints - we can look at this if we decide we want more clarity. * you should never call user_has_permissions without any arguments for endpoints that aren't organisation-based. We'll raise NotImplementedError if you do.